On Tue, 5 Feb 2013 08:16:06 -0600
Serge Hallyn <serge.hal...@canonical.com> wrote:
> Quoting Dwight Engen (dwight.en...@oracle.com):
> > Reported-by: Alvaro Miranda <miran...@redrock.net.nz>
>
> self-contained, so
>
> Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com>
>
> but question and comment below.
>
> > Signed-off-by: Dwight Engen <dwight.en...@oracle.com>
> > ---
> > templates/lxc-oracle.in | 63
> > +++++++++++++++++++++++++++++++++++++------------ 1 file changed,
> > 48 insertions(+), 15 deletions(-)
> >
> > diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
> > index 95c6275..e6bf489 100644
> > --- a/templates/lxc-oracle.in
> > +++ b/templates/lxc-oracle.in
> > @@ -61,6 +61,7 @@ container_rootfs_configure()
> > if [ -e $container_rootfs/etc/selinux/config ]; then
> > sed -i 's|SELINUX=enforcing|SELINUX=disabled|'
> > $container_rootfs/etc/selinux/config else
> > + mkdir -p $container_rootfs/etc/selinux
> > echo "SELINUX=disabled"
> > >$container_rootfs/etc/selinux/config fi
> > sed -i
> > 's|session[ ]*required[ ]*pam_selinux.so[ ]*close|#session required
> > pam_selinux.so close|' $container_rootfs/etc/pam.d/login @@ -97,8
> > +98,10 @@ EOF echo "127.0.0.1 localhost $name" >
> > $container_rootfs/etc/hosts # disable ipv6
> > - echo "blacklist ipv6"
> > >>$container_rootfs/etc/modprobe.d/blacklist.conf
> > - echo "blacklist net-pf-10"
> > >>$container_rootfs/etc/modprobe.d/blacklist.conf
> > + if [ -f $container_rootfs/etc/modprobe.d/blacklist.conf ]; then
>
> Sorry, is this because if that file doesn't exist then it simply won't
> be needed? (I would have expected you to create the file if it didn't
> exist. modprobe.d isn't exactly a new feature)
This file doesn't exist on ol4, but then ol4 isn't trying to load the
modules for ipv6 anyways so no need to try to stop it. Actually I
don't think this section is needed at all any more since the
lxc.cap.drop = sys_module change, so let me look into removing it.
> ...
> > @@ -508,6 +530,13 @@ container_rootfs_create()
> > echo "Rebuilding rpm database"
> > rm -f $container_rootfs/var/lib/rpm/__db*
> > chroot $container_rootfs rpm --rebuilddb >/dev/null 2>&1
> > +
> > + # doing the yum install with release 4 packages causes
> > proc in the
> > + # container to be mounted, which makes lxc-destroy fail.
> > + if [ $container_release_major = "4" ]; then
> > + umount $container_rootfs/proc
> > + fi
>
> Another, perhaps more future-proof, way of handling this would be to
> run the yum_cmd under lxc-unshare -s MOUNT.
Ahh, I like that idea as it would catch any mounts done during the
install. Thanks for the suggestion, let me try that out.
> > +
> > ) 200>@LOCALSTATEDIR@/lock/subsys/lxc-oracle-$name
> > }
> >
> > @@ -517,10 +546,14 @@ container_release_get()
> > container_release_version=`cat $1/etc/oracle-release |awk
> > '/^Oracle/ {print $5}'` container_release_major=`echo
> > $container_release_version |awk -F '.' '{print $1}'`
> > container_release_minor=`echo $container_release_version |awk -F
> > '.' '{print $2}'`
> > - elif grep -q Nahant $1/etc/redhat-release; then
> > + elif grep -q "Enterprise Linux AS" $1/etc/redhat-release; then
> > container_release_major=`cat $1/etc/redhat-release |awk
> > '{print $7}'` container_release_minor=`cat $1/etc/redhat-release
> > |awk '{print $10}' |tr -d ")"`
> > container_release_version="$container_release_major.$container_release_minor"
> > + elif grep -q "Enterprise Linux Server" $1/etc/redhat-release;
> > then
> > + container_release_version=`cat $1/etc/redhat-release |awk
> > '{print $7}'`
> > + container_release_major=`echo $container_release_version
> > |awk -F '.' '{print $1}'`
> > + container_release_minor=`echo $container_release_version
> > |awk -F '.' '{print $2}'` else
> > echo "Unable to determine container release version"
> > exit 1
> > --
> > 1.7.12.3
> >
> >
> > ------------------------------------------------------------------------------
> > Free Next-Gen Firewall Hardware Offer
> > Buy your Sophos next-gen firewall before the end March 2013
> > and get the hardware for free! Learn more.
> > http://p.sf.net/sfu/sophos-d2d-feb
> > _______________________________________________
> > Lxc-devel mailing list
> > Lxc-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/lxc-devel
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
